- SSL-specific calls grouped in a separate header
authorDaniel Kouřil <kouril@ics.muni.cz>
Wed, 18 Jan 2012 13:50:47 +0000 (13:50 +0000)
committerDaniel Kouřil <kouril@ics.muni.cz>
Wed, 18 Jan 2012 13:50:47 +0000 (13:50 +0000)
- added API to set flags
- added API to use PKCS11 objects

emi.canl.canl-c/src/canl.h
emi.canl.canl-c/src/canl_cred.h
emi.canl.canl-c/src/canl_ssl.c
emi.canl.canl-c/src/canl_ssl.h

index 0e0f82f..5c1cf37 100644 (file)
@@ -74,10 +74,6 @@ canl_mech2str(canl_ctx, gss_OID);
 const gss_OID CANL_CALLCONV
 canl_str2mech(canl_ctx, const char mech);
 
-canl_err_code CANL_CALLCONV
-canl_ctx_set_ssl_cred(canl_ctx cc, char *cert, char *key,
-                     canl_password_callback cb, void *userdata);
-
 #ifdef __cplusplus
 }       
 #endif 
index a42ad31..1bafb71 100644 (file)
@@ -51,6 +51,10 @@ canl_cred_load_priv_key_file(canl_ctx, canl_cred, const char *,
                             canl_password_callback, void *);
 
 canl_err_code CANL_CALLCONV
+canl_cred_load_priv_key_pkcs11(canl_ctx, canl_cred, const char *,
+                              canl_password_callback, void *);
+
+canl_err_code CANL_CALLCONV
 canl_cred_load_chain(canl_ctx, canl_cred, STACK_OF(X509) *);
 
 canl_err_code CANL_CALLCONV
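Review bot: The new `canl_cred_load_priv_key_pkcs11` prototype has unnamed, undocumented parameters, so a caller cannot tell what the `const char *` identifies on the token or what the password callback is asked for. The same applies to `canl_cred_load_cert_pkcs11` in the next hunk. I would name the parameters as the rest of the API does, e.g. `canl_cred_load_priv_key_pkcs11(canl_ctx cc, canl_cred cred, const char *label, canl_password_callback cb, void *userdata);`, where `label` is only a guess at the meaning. A short comment above each should state what the string refers to (object label, id or URI; not visible from this header) and whether the callback supplies the token PIN. It would also help to say whether the key stays on the token or is copied into the `canl_cred`, since that decides what the caller must keep alive and protect.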
@@ -63,6 +67,9 @@ canl_err_code CANL_CALLCONV
 canl_cred_load_cert_file(canl_ctx, canl_cred, const char *);
 
 canl_err_code CANL_CALLCONV
+canl_cred_load_cert_pkcs11(canl_ctx, canl_cred, const char *);
+
+canl_err_code CANL_CALLCONV
 canl_cred_set_lifetime(canl_ctx, canl_cred, long);
 
 canl_err_code CANL_CALLCONV
index 4a1c835..fb93e4d 100644 (file)
@@ -1,4 +1,5 @@
 #include "canl_locl.h"
+#include "canl_ssl.h"
 
 #define SSL_SERVER_METH SSLv23_server_method()
 #define SSL_CLIENT_METH SSLv3_client_method()
index 694970c..e3967ed 100644 (file)
@@ -7,16 +7,28 @@
 extern "C" {
 #endif
 
-typedef void *canl_x509;
-typedef void *canl_stack_of_x509;
-typedef void *canl_pkey;
+typedef enum canl_ctx_ssl_flags {
+    CANL_ACCEPT_SSLv2          = 0x0001,
+} canl_ctx_ssl_flags;
 
-typedef char (*canl_password_callback)(canl_ctx cc, void *userdata);
+canl_ctx CANL_CALLCONV
+canl_ctx_set_ssl_flags(canl_ctx, unsigned int);
 
-int canl_set_ctx_own_cert(canl_ctx cc, canl_x509 cert,
-        canl_stack_of_x509 chain, canl_pkey key);
-int canl_set_ctx_own_cert_file(canl_ctx cc, char *cert, char *key,
-        canl_password_callback cb, void *userdata);
+canl_err_code CANL_CALLCONV
+canl_ctx_set_ssl_cred(canl_ctx, char *, char *key,
+                     canl_password_callback, void *);
+
+canl_err_code CANL_CALLCONV
+canl_ctx_set_ca_dir(canl_ctx, const char *);
+
+canl_err_code CANL_CALLCONV
+canl_ctx_set_crl_dir(canl_ctx, const char *);
+
+canl_err_code CANL_CALLCONV
+canl_ctx_set_pkcs11_lib(canl_ctx, const char *);
+
+canl_err_code CANL_CALLCONV
+canl_ctx_set_pkcs11_init_args(canl_ctx, const char *);
 
 #ifdef __cplusplus
 }
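Review bot: `canl_ctx_set_ssl_flags` is declared as returning `canl_ctx`, while every other setter added in this hunk returns `canl_err_code`. That looks unintended, and it leaves a caller with no error code to check when a flag is rejected; I would declare it as `canl_err_code CANL_CALLCONV` unless returning the context is deliberate, in which case a comment should say so. The only flag defined, `CANL_ACCEPT_SSLv2`, re-enables a protocol with known cryptographic weaknesses, so it needs a comment such as `/* accept SSLv2 peers; off by default, enable only for legacy interoperability */`, assuming the default really is off (the implementation is not in this diff). In `canl_ctx_set_ssl_cred` the two path arguments are plain `char *` and only `key` is named; `const char *cert, const char *key` would match the `const char *` used by the other new setters.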